Rebase to version 1.35

Patches `tar-1.30-CVE-2022-48303.patch` and `tar-configure-c99.patch` were upstreamed Resolves: #2223565
2023-07-18 12:19:29 +00:00 · 2023-07-18 12:19:29 +00:00 · d354596089
commit d354596089
parent 349b9375f8
5 changed files with 14 additions and 88 deletions
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (tar-1.34.tar.xz) = 5e77c4a7b49983ad7d15238c2bce28be7a8aa437b4b1815fc00abd13096da308b6bba196cc6e3ed79d85e62823d520ae0d8fcda2d93873842cf84dc3369fc902
-SHA512 (tar-1.34.tar.xz.sig) = 55297f41549deee511f5b14c6b5dc7bb3d9282dad52bcc85f9dddfad24b677f989ba86387ad9b133c3698feedbd6b6cd7e9f005e8e4c89f72c80543eeceb78f7
+SHA512 (tar-1.35.tar.xz) = 8b84ed661e6c878fa33eb5c1808d20351e6f40551ac63f96014fb0d0b9c72d5d94d8865d39e36bcb184fd250f84778a3b271bbd8bd2ceb69eece0c3568577510
+SHA512 (tar-1.35.tar.xz.sig) = 00e5c95bf8015f75f59556a82ed7f50bddefe89754c7ff3c19411aee2f37626a5d65c33e18b87f7f8f96388d3f175fd095917419a3ad1c0fc9d6188088bac944
--- a/tar-1.28-atime-rofs.patch
+++ b/tar-1.28-atime-rofs.patch
@ -1,6 +1,6 @@
-From 71769b9ea3c12b7fbb39fee2e9f4a4c1c36c0d0b Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Mon, 28 Jul 2014 08:13:31 +0200
+From c4d06365aef1539853e1dd41c539173809760cd0 Mon Sep 17 00:00:00 2001
+From: Lukas Javorsky <ljavorsk@redhat.com>
+Date: Tue, 18 Jul 2023 12:27:38 +0000
 Subject: [PATCH 4/9] utime & read-only FS

 Ignore errors from setting utime() for source file on read-only
@ -16,13 +16,13 @@ http://lists.gnu.org/archive/html/bug-tar/2009-06/msg00016.html
 1 file changed, 2 insertions(+), 1 deletion(-)

 diff --git a/src/create.c b/src/create.c
-index e2f4ede..f644f23 100644
+index d20178c..b31fbe5 100644
 --- a/src/create.c
 +++ b/src/create.c
-@@ -1824,7 +1824,8 @@ dump_file0 (struct tar_stat_info *st, char const *name, char const *p)
+@@ -1851,7 +1851,8 @@ dump_file0 (struct tar_stat_info *st, char const *name, char const *p)
 	    }
 	  else if (atime_preserve_option == replace_atime_preserve
- 		   && fd && (is_dir || original_size != 0)
+ 		   && timespec_cmp (st->atime, get_stat_atime (&st2)) != 0
 -		   && set_file_atime (fd, parentfd, name, st->atime) != 0)
 +		   && set_file_atime (fd, parentfd, name, st->atime) != 0
 +		   && errno != EROFS )
@ -30,5 +30,5 @@ index e2f4ede..f644f23 100644
 	}
 
 -- 
-1.9.3
+2.41.0

--- a/tar-1.30-CVE-2022-48303.patch
+++ b/tar-1.30-CVE-2022-48303.patch
@ -1,30 +0,0 @@
-From 3da78400eafcccb97e2f2fd4b227ea40d794ede8 Mon Sep 17 00:00:00 2001
-From: Sergey Poznyakoff <gray@gnu.org>
-Date: Sat, 11 Feb 2023 11:57:39 +0200
-Subject: [PATCH] Fix boundary checking in base-256 decoder
-
-* src/list.c (from_header): Base-256 encoding is at least 2 bytes
-long.
---
- src/list.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/src/list.c b/src/list.c
-index 9fafc425..86bcfdd1 100644
--- a/src/list.c
-+++ b/src/list.c
-@@ -881,8 +881,9 @@ from_header (char const *where0, size_t digs, char const *type,
- 	  where++;
- 	}
-     }
-  else if (*where == '\200' /* positive base-256 */
-	   || *where == '\377' /* negative base-256 */)
-+  else if (where <= lim - 2
-+	   && (*where == '\200' /* positive base-256 */
-+	       || *where == '\377' /* negative base-256 */))
-     {
-       /* Parse base-256 output.  A nonnegative number N is
- 	 represented as (256**DIGS)/2 + N; a negative number -N is
-- 
-2.38.1
-
--- a/tar-configure-c99.patch
+++ b/tar-configure-c99.patch
@ -1,45 +0,0 @@
-Avoid an implicit declaration of utime in the configure script.  This
-ensures that the package continues to build with future compilers
-which do not support such implicit declarations by default.
-
-This is a downstream-only patch.  Upstream, the configure file is
-generated correctly since the following gnulib commit:
-
-commit c20ba6929e5ac4a9cc72cd2b1f2d938e219adb01
-Author: Bruno Haible <bruno@clisp.org>
-Date:   Sat Jan 23 22:10:25 2021 +0100
-
-    utime: Fix configure test (regression 2020-12-04).
-    
-    Reported by Ryan Schmidt <wget@ryandesign.com> via Tim Rühsen in
-    <https://lists.gnu.org/archive/html/bug-gnulib/2021-01/msg00282.html>.
-    
-    * m4/utime.m4 (gl_FUNC_UTIME): In the test program, include <utime.h>,
-    not <time.h>.
-
-diff --git a/configure b/configure
-index 129500e018d38aa5..7ed132239c78d2ac 100755
--- a/configure
-+++ b/configure
-@@ -36685,7 +36685,7 @@ else
-   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
- /* end confdefs.h.  */
- #include <stddef.h>
-                 #include <time.h>
-+#include <utime.h>
- 
- int
- main ()
-diff --git a/m4/utime.m4 b/m4/utime.m4
-index 03df7b7282500c73..bdff29d85982cd68 100644
--- a/m4/utime.m4
-+++ b/m4/utime.m4
-@@ -34,7 +34,7 @@ AC_DEFUN([gl_FUNC_UTIME],
-            AC_RUN_IFELSE(
-              [AC_LANG_PROGRAM(
-                [[#include <stddef.h>
-                 #include <time.h>
-+                 #include <utime.h>
-                ]],
-                [[int result = 0;
-                  if (!utime ("conftest.tmp/", NULL))
--- a/tar.spec
+++ b/tar.spec
@ -9,8 +9,8 @@
 Summary: GNU file archiving program
 Name: tar
 Epoch: 2
-Version: 1.34
-Release: 9%{?dist}
+Version: 1.35
+Release: 1%{?dist}
 License: GPL-3.0-or-later
 URL: https://www.gnu.org/software/tar/

@ -24,8 +24,6 @@ Patch3:  tar-1.29-wildcards.patch
 Patch4:  tar-1.28-atime-rofs.patch
 Patch9:  tar-1.28-document-exclude-mistakes.patch
 Patch10: tar-1.33-fix-capabilities-test.patch
-Patch11: tar-configure-c99.patch
-Patch12: tar-1.30-CVE-2022-48303.patch

 BuildRequires: autoconf
 BuildRequires: automake
@ -124,6 +122,9 @@ make check || (


 %changelog
+* Tue Jul 18 2023 Lukas Javorsky <ljavorsk@redhat.com> - 2:1.35-1
+- Rebase to version 1.35
+
 * Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2:1.34-9
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild